web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Copilot Studio Agent w...
Copilot Studio
Suggested Answer

Copilot Studio Agent with Manual Authentication to SharePoint knowledge

(1) ShareShare
ReportReport
Posted on by SanjayAdsure201 83
Hi everyone,
I have created a Copilot Studio agent with Manual Authentication using MS Entra ID with Client Secret option selected. Have provided below MS Graph API Permissions to app:

Added some site pages link to knowledge sources but the copilot unable to get result from them. If I switch the authentication to MS Entra ID I can get result from SharePoint but not with Manual Authentication. I want to use this agent in custom site (React + Python) so I am trying to implement it using Manual Authentication.
Any help will be highly appreciated.
 
Thanks,
Sanjay
Categories:
Copilot Studio skills development
I have the same question (0)
  • Suggested answer
    AP-26031104-0 Profile Picture
    AP-26031104-0 Microsoft Employee on at

    Hi  SanjayAdsure201,

    The behavior you’re seeing is expected due to the difference in authentication context:

    • MS Entra ID authentication (default): The Copilot agent uses the app’s identity with delegated permissions, which allows it to query SharePoint on behalf of a user and retrieve site pages.
    • Manual Authentication (Client Secret): This uses the client credentials flow, which provides application permissions instead of delegated permissions. Some Graph API endpoints—especially certain SharePoint pages—require delegated access or specific site permissions, which is why results may not be returned in this mode.
    To resolve this, you should ensure your app has the appropriate Application permissions (e.g., Sites.Read.All) in Azure AD instead of delegated permissions, and that admin consent has been granted. This will allow your Copilot agent to access the SharePoint knowledge sources correctly using Manual Authentication.
     
    Let us know if this resolves the issue.
  • Suggested answer
    rezarizvii Profile Picture
    rezarizvii 118 on at
    Hi @SanjayAdsure201, hope you are doing well.
     
    Manual auth with client secret is the issue here. With Microsoft Copilot Studio, SharePoint knowledge sources rely on delegated user context to resolve content.
     
    What you can do
    Option 1: Use delegated auth in your custom app
    • Implement OAuth (Auth code flow / PKCE) in your React app
    • Pass user token to Copilot
    • This aligns with how Copilot expects to access SharePoint
    Option 2: Don’t use SharePoint as knowledge source
    • Move content to:
      • Dataverse
      • External API
    • Then call it via actions (works with app-only)
     
    If this reply helped you in any way, please give it a Like 💜 and in case it resolved your issue, please mark it as the Verified Answer ✅.
  • SanjayAdsure201 Profile Picture
    SanjayAdsure201 83 on at
    Thank you @AP-26031104-0 for your reply. I have added the Application permission for Sites.Read.All and also requested for Admin consent. Let me check this & update here once done.
     
    Thanks,
    Sanjay Adsure
  • SanjayAdsure201 Profile Picture
    SanjayAdsure201 83 on at
    Thank you @rezarizvii for your reply.
     
    May I know more details about the Option 1: Use delegated auth in your custom app you mentioned.
    1. Option 1: Use delegated auth in your custom app
      • Implement OAuth (Auth code flow / PKCE) in your React app
      • Pass user token to Copilot
      • This aligns with how Copilot expects to access SharePoint
    I'm not well versed with react (it's been developed by other person) so would really appreciate if you can provide some link or step by step way to do this.
     
    Thanks,
    Sanjay
  • rezarizvii Profile Picture
    rezarizvii 118 on at
     
    There is a library in React that we can use to authenticate with Microsoft Entra called MSAL.js. Using MSAL, users can request an access token generated after authenticating with MS Entra to make external API calls in their custom apps. You need to create an app registration, assign the API permissions you think you may need, and then call the MSAL function `aquireTokenSilent()` to get the delegated access token which has the context of the user who has logged-in.

    The idea was to use that generated delgated token with Copilot.

    Here are some articles you can reference: 
    Acquire and cache tokens with Microsoft Authentication Library (MSAL) - Microsoft identity platform | Microsoft Learn
    Pass custom state in authentication requests (MSAL.js) - Microsoft identity platform | Microsoft Learn
    Overview of the Microsoft Authentication Library (MSAL) for Python - Microsoft Authentication Library for Python | Microsoft Learn

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 599

#2
chiaraalina Profile Picture

chiaraalina 170 Super User 2026 Season 1

#3
deepakmehta13a Profile Picture

deepakmehta13a 118

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Block PII/PCI in Copilot Studio agent user prompt
Welcome to the Copilot Studio forum!

Product updates

Microsoft Power Platform Community release plans